Cyber Threat Prioritization

FSSCC Threat and Vulnerability Assessment Committee

Jay McAllister

October 1, 2014

Software Engineering Institute
Carnegie Mellon University


©  2014  Carneg 


Report Documentation Page

Form Approved
OMB No. 0704-0188


1. REPORT DATE: 01 OCT 2014
2. REPORT TYPE: N/A
3. DATES COVERED:
4. TITLE AND SUBTITLE: Cyber Intelligence Threat Prioritization
5a. CONTRACT NUMBER:
5b. GRANT NUMBER:
5c. PROGRAM ELEMENT NUMBER:
5d. PROJECT NUMBER:
5e. TASK NUMBER:
5f. WORK UNIT NUMBER:
6. AUTHOR(S): Jay McAllister
7. PERFORMING ORGANIZATION NAME(S) AND ADDRESS(ES): Software Engineering Institute, Carnegie Mellon University, Pittsburgh, PA 15213
8. PERFORMING ORGANIZATION REPORT NUMBER:
9. SPONSORING/MONITORING AGENCY NAME(S) AND ADDRESS(ES):
10. SPONSOR/MONITOR'S ACRONYM(S):
11. SPONSOR/MONITOR'S REPORT NUMBER(S):
12. DISTRIBUTION/AVAILABILITY STATEMENT: Approved for public release, distribution unlimited
13. SUPPLEMENTARY NOTES: The original document contains color images.
14. ABSTRACT:
15. SUBJECT TERMS:
16. SECURITY CLASSIFICATION OF: a. REPORT: unclassified; b. ABSTRACT: unclassified; c. THIS PAGE: unclassified
17. LIMITATION OF: SAR
18. NUMBER: 15
19a. NAME OF:

Standard Form 298 (Rev. 8-98)
Prescribed by ANSI Std Z39-18


Copyright 2014 Carnegie Mellon University

This material is based upon work funded and supported by the Department of Defense under Contract No. FA8721-05-C-0003 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center.

Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the United States Department of Defense.

NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN “AS-IS” BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.

This material has been approved for public release and unlimited distribution except as restricted below.

This material may be reproduced in its entirety, without modification, and freely distributed in written or electronic form without requesting formal permission. Permission is required for any other use. Requests for permission should be directed to the Software Engineering Institute at permission@sei.cmu.edu.

DM-0001690


Software Engineering Institute, Carnegie Mellon University

Cyber Intelligence Threat Prioritization
October 1, 2014

© 2014 Carnegie Mellon University


Agenda

Background: Cyber Intelligence Tradecraft Project

Cyber Threat Prioritization

Future Development: Cyber Intelligence Research Consortium




Background: Cyber Intelligence Tradecraft Project


Sponsor

• National Intelligence Manager for Cyber, Office of the Director of National Intelligence (ODNI)

Purpose

• Study how organizations from industry, government, and academia perform cyber intelligence (methodologies, processes, tools, and training)

Definition of cyber intelligence

• The acquisition and analysis of information to identify, track, and predict cyber capabilities, intentions, and activities to offer courses of action that enhance decision making

Overall finding

• The most effective organizations balanced the need to protect their network perimeters with the need to look beyond them for strategic insights
Cyber threat baseline

[Chart not reproduced; surviving axis label: Percentage]
Cyber Threat Prioritization

Q: How do you rank threats, from high to low?

“We consider everything a high priority threat.”

- US government participant

Capability

Implementing...

Threat = Likelihood + Impact + Risk

Future Development: Cyber Intelligence Research Consortium


Purpose

• Research and develop technical solutions and analytical practices to help people make better judgments and quicker decisions with cyber intelligence

Membership

• Decision makers and practitioners from academia, Department of Defense, defense contracting, energy, financial services, and the U.S. Intelligence Community

Offerings

• Cyber threat baseline: Threat environment research to identify best practices

• Tradecraft labs: Workshops to advance analytical & technological capabilities

• Implementation frameworks: How-to guides for key intelligence practices

• Crisis simulation: Capture-the-flag exercise to apply techniques & technologies

• Intelligence insights: Continuous communication on relevant topics

Questions?

Jay McAllister

Senior Analyst - Emerging Technology Center

Software Engineering Institute - Carnegie Mellon University

412.268.9193

iimcallister@sei.cmu.edu

@sei_etc

Tradecraft Project: http://www.sei.cmu.edu/about/organization/etc/citp.cfm

Threat Prioritization: http://www.sei.cmu.edu/about/organization/etc/citp-cyber-threat-prioritization.cfm

Consortium: http://www.sei.cmu.edu/about/organization/etc/overview.cfm